BSides PDX CTF 2019

I wrote the web challenges for BSidesPDX this year! You can find them here, along with the solution write-ups. It was so exciting seeing people try to solve the challenges, seeing where they got stuck, and where they came up with an even cleverer way to solve a challenge than the intended one. The first web challenge was a simple JWT “none” algorithm one. If you’re not familiar, a common problem in JWT libraries (in the past; it has since been fixed in most libraries) was that they would accept a “none” algorithm in the JWT header (instead of HS256 or whatever was intended), and do no validation of the signature.

BSidesPDX 2019 Talk: MWRMV

I just gave a talk at BSidesPDX 2019 called “Modern Websites Require Modern Vulnerabilities”! The slides (and code) are available here. A video of the presentation is available here.

PDXKBC

These boards are now available on mountainblocks.com and $3 from each kit goes to PDXKBC. The assembly guide there is also much better than this one, so I highly recommend checking that out! If you’re reading this blog post, you probably got one of the PDX KBC (Portland Keyboard Club) badges I designed, either at a PDXKBC meetup, SMKmeetup, or at DEF CON. This blog post will go over the materials and tools you need to build the badge, as well as how to flash the firmware and put it together!

2019 Robotics Season

The robotics season is finally over! Or rather, the off-season is beginning. This was my last year as a student on the team, so it’s bittersweet.

The Season

Wilsonville

Our first district event was Wilsonville, which was a really great start for us. We were alliance captains and made it to quarterfinals. Our main issue at that event was reliability. Our robot CAN bus was soldered together, so when we figured out that a motor controller had failed before a match we had to cut the CAN, swap the motor controller out, twist the CAN wires back together, and cross our fingers.

WarGames

One of my favorite scenes from WarGames is after Joshua guesses the launch code and then decides “the winning move is not to play”. I decided to make a fun Go program that guesses the launch code and then interacts with the user as Falken does in the movie. You can find it here. I think the way it simulates guessing the launch code is actually really great, as it looks very similar to the movie.

Resume

Contact Info

Franklin Harding
franklinharding0.0@gmail.com
(971) 506-0539
https://harding.coffee

Technical Skills

Strong Go developer and capable frontend developer, experienced with using many databases (PostgreSQL, MariaDB, Redis, Elasticsearch), capable of managing infrastructure with tools such as Terraform, CloudFormation, Ansible, familiar with Kubernetes and many cloud services. Passionate about building performant and resilient systems, and working on user-facing systems.

Backend: Go, Java, Python, Node.js
Frontend: JavaScript, TypeScript, React, Vue.js, Jest
Databases: MySQL/MariaDB, PostgreSQL, Redis, MongoDB, Elasticsearch

BSides PDX Update

BSides PDX was a blast, as expected. My team (@sectribe) ended up ranked 3 out of 26 on the scoreboard. I was the first person to solve the web-100 and web-200 challenges, and the third to solve the web-300. The web-300 was some pretty standard SQL injection, the web-200 was a padding oracle attack on an encrypted cookie, and the web-100 was URL knocking. Out of all of them, the web-100 frustrated me the most.

BSides PDX

I’ll be at BSidesPDX this weekend, for my second year. I’m going to be participating on the sectribe capture-the-flag team with @swordofomen, and some other infosec peeps. I’m gonna focus on web exploits, reverse engineering, and possibly take a crack at the OSINT section. I’m also looking forward to the Hardware Implant Panel talk, given by Kim Zetter, Joe Grand, Joe FitzPatrick, @__MG__, @r00tkillah, Mickey Shkatov and Jason Meltzer.

Peregrine

Peregrine is a scouting app I developed in 2018-2019 with Caleb Eby and Brendan Burkhart. Brendan and Caleb kicked off the project, choosing a stack of Go, SQLite, and React. When I joined the team, about a week into development, I jumped straight into the project. I already loved Go, and now there was a chance for me to create something useful with it, with some awesome people! I started working on it the very night I was introduced to it, without a solid grasp of what scouting even was, to be honest.

About

I…

- Am a Software Engineer with a passion for working on large user-facing projects
- Love the challenge of overcoming limitations of software for fun outcomes (hacking), playing and writing CTF challenges
- Am a huge FIRST robotics nerd, was on the Pigmice in high school and continue to mentor them today
- Design and build custom mechanical keyboards, help Brian Mock with organizing the Portland Keyboard Club
- Try to contribute to OSS
  - Answer issues and have some commits in gorilla/mux
  - Wrote and maintain a scouting app used by a handful of FRC teams called Peregrine
  - Have various commits in other projects mrparkers/terraform-provider-keycloak, go-playground/validator, etc
- Am usually hanging out with friends, skiing, tinkering with my car, or listening to indie pop if I’m not doing anything above